pfsense

Netgear Routers Hailed as Dangerous – Here are some alternatives worth considering

netgear-R7000CERT, a US Federal government agency tasked with cyber-security research, has issued an alert advising consumers to stop using various models of Netgear routers. These devices are subject to a trivially simple command injection exploit. Ars Technica has a nice overview of the matter.

Normally I’d have literally nothing to say about this, since it simply doesn’t impact us. Wanna know why it doesn’t impact us?

We don’t use a consumer router that runs closed source firmware.  We don’t think that you should either. In fact, you probably shouldn’t let your friends and family use that junk either.

Perhaps this holiday season, and all of the travelling & visiting that goes along with it, presents an opportunity to help someone unsuspecting secure their home network.

Read More

Chances Are Your Router’s Firmware Blows

Linksys WRT-54G RouterYou surely have a lock on your front door. Do you have such a lock on your network? Though you may think so, but it may well be wholly unlocked. Or at least, you may not be able to know for certain that it’s locked. If you use a commercial Wi-Fi router from your ISP, or one of the big names like Linksys, Belkin, DLink et al, your network may not be as secure as you think.

At the outset let me state that, as someone who reads hereabouts, you’re no dummy. You’ve taken steps to ensure that the router doesn’t still have  the default admin password. You’re using modern encryption on your Wi-Fi. You’re being responsible, but there are things beyond your grasp.

The simple fact is that the firmware the runs most retail, commercial routers is closed source. As such, you have no ready way to verify it’s behavior. Yet, the manufacturer, by virtue of necessity, uses various common software modules to create their firmware. They may even use some open source modules, but end up with an closed source binary in the end.

The upshot of this reality is that you have a very small team of developers responsible for maintaining the code. That means updates come along slowly, if at all for older devices. By extension, serious security issues get addressed slowly, if they ever get addressed at all.

Read More

Recent Thoughts About The Edge of My Network

monowall-pfsense-alix-kitIn recent weeks I’ve been accumulating some thoughts about the edge of networks, and the edge of my home office network in particular.

This all started last month where there was an Ars Technica article describing how someone found a backdoor that allowed an evil-doer to gain admin access to a common consumer combination DSL Modem/router/Wifi AP. The author initially proved the exploit by hacking his Linksys WAG200G wireless gateway.

The article describes how he published the script used to run the exploit. That allowed others to try the exploit against various makes/models of consumer hardware. It thus came to light that the same trick works against various products from Linksys and Netgear, amongst others.

Read More

Choosing A Router/Firewall For A Small Office

net4801_2_lOne project that I’m am about to start is moving from my m0n0wall router to a new one build around pfsense. The motivation for the project is the integration of our Comcast Business Class internet service into the rest of the household. At present there are two separate networks, with only a few devices enjoying the high speed cable service. The pfsense system will be configured for dual WAN, accessing both the cable service and Covad DSL circuit.

My existing m0n0wall runs on an old Soekris Net4801. In service for many years, it has been extremely reliable. If m0n0wall does what you need I have no hesitation in recommending the software. Support from the user community is tremendous as well.

Read More
Back To Top